Offensive Security Notes
  • OSCP Checklist
    • Privilege Escalation Windows
  • Menu
    • Services
      • Remote Desktop (RDP) (3389)
      • FTP (21)
      • Telnet (23)
      • SMTP (25)
      • HTTP/HTTPS (80/443)
        • OWASP TOP 10 (2017)
      • Kerberos (88) / Active Directory (AD)
      • NetBIOS (139)
      • Samba / SMB (445)
      • IMAP (143/993)
      • MySQL / MariaDB (3389)
      • PostgreSQL (5432)
    • Vulnerability Methods
      • Padding Oracle Attack
      • Unsecure JSON Web Token (JWT)
      • XXE (XML External Entity)
      • LFI / RFI (Local / Remote File Inclusion)
      • CSRF (Cross-Site Request Forgery)
      • Session Fixation
      • SSRF (Server-Side Request Forgery)
      • Wildcard Injection
    • Tools of the Trade
      • powershell
      • hashcat
      • responder
      • OWASP Favicon DB
      • misc
      • meterpreter
      • Bloodhound
      • powerview
      • redis
      • wpscan
      • cewl
    • Walkthroughs
      • Try Hack Me
        • Attacktive Directory
      • OSCP Practice
        • Vector
        • Vault
        • QuarterJack
        • PayDay
        • Pelican
        • Postfish
        • Readys
Powered by GitBook
On this page
  1. Menu
  2. Vulnerability Methods

LFI / RFI (Local / Remote File Inclusion)

LFI / RFI are the most common vulnerabilities in unsecure web applications. Essentially a website (usually PHP, but doesn't have to be) will allow user input without any sort of (or poor) input sanitization. This mean that a rogue user can use the vulnerability to read local or remote files that can provide information and/or even provide a way to do remote code execution (RCE).

Basic examples:

  1. index.php?page=/etc/passwd

  2. index.php?page=../../../home/falcon/.ssh/id_rsa

PreviousXXE (XML External Entity)NextCSRF (Cross-Site Request Forgery)

Last updated 3 years ago